Ensure No 'root' User Account Access Key Exists Rule
This rule ensures no access key exists for the 'root' user account.
| Rule | Ensure no 'root' user account access key exists |
| Framework | cis_v140 |
| Severity | ✔ High |
Ensure No 'Root' User Account Access Key Exists for CIS v1.4.0
The Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark v1.4.0 contains a recommendation to ensure that the 'root' user's access keys are not used and do not exist. The root account has full access to all resources in the AWS account, and it is a best practice to only use the root account to perform a limited number of tasks that cannot be done with other types of credentials.
Description of the Rule
The rule is aimed at improving the security of AWS accounts by eliminating the risk associated with misuse or compromise of root user access keys. Secure management of root access keys includes deleting and not creating new keys for the root user account.
Troubleshooting Steps
If an access key for the root user is detected, the following steps can inform you on how to remove it:
- 1.Sign in to the AWS Management Console as the root user.
- 2.Navigate to the "My Security Credentials" section from the account drop-down on the top right.
- 3.In the "Access keys" section, you will see the access key if one exists.
- 4.Click on "Delete" to remove the access key.
Remediation Steps
- 1.Delete the Root Access Key:
- Sign in to AWS Management Console with the root user credentials.
- Navigate to 'My Security Credentials' under the account name on the dashboard.
- Under the 'Access keys for CLI, SDK, & API access' section, locate any existing access key.
- Click the 'Delete' button next to the access key and confirm the deletion.
- 2.Use IAM Users and Roles:
- For everyday tasks, rely on IAM users and roles with the necessary permissions rather than using the root user.
- Use the root user only to create your first IAM user and then securely lock away the root user credentials.
- 3.Enable Multi-Factor Authentication (MFA):
- Secure the root user account by enabling MFA.
- On the same 'My Security Credentials' page, go to the "Multi-Factor Authentication (MFA)" section and click on "Activate MFA."
CLI Command for Remediation
To programmatically identify and remove the root user's access keys, AWS CLI can be used.
- 1.
List Access Keys for the Root Account:
aws iam list-access-keys --user-name root - 2.
Delete the Root User Access Key:
aws iam delete-access-key --access-key-id [ACCESS_KEY_ID] --user-name rootReplace
with the actual access key ID you intend to delete. This action cannot be reversed.[ACCESS_KEY_ID]
Additional Security Measures and Best Practices
- Frequently review and monitor the root account for any activity. AWS CloudTrail can help in auditing.
- Establish a strong password policy for the root user account.
- Regularly perform security assessments to evaluate compliance with CIS benchmarks.
By following these guidelines and incorporating them into your cloud security posture, you help ensure that the root user account remains secure and minimize the potential for unauthorized access and activities within your AWS environment. This adherence to best practices also enhances the SEO of the information by presenting a focused and authoritative content on security practices.